International standards for crypto are coming, but at what cost to innovation?

There are over 2,000 different coins in existence right now, each with their own unique characteristics, uses and communities, while there are masses of different blockchains, platforms and exchanges — all of which answer to competing needs and values. On the one hand, this profusion is one of the key driving forces behind innovation in the crypto sphere. But on the other, it arguably acts as a block against widespread adoption, as the lack of unified standards means that some morally questionable endeavors give the rest a bad name.

The past year has seen an intensifying push toward producing international standards for the cryptocurrency industry. Groups such as Global Digital Finance have risen with the aim of fostering universal standards on how crypto platforms are run, just as groups like the Blockchain Association and CryptoUK are now focused mostly on standards at a national level. Such organizations count the likes of Coinbase, Bitstamp, Circle and others as members, despite often being less than a year old.

However, while holding the promise that crypto will avoid stringent government regulation by learning how to regulate itself, there’s also a concern that global standards might hamper innovation, and that crypto — almost by nature — is not meant to be standardized.

Global Digital Finance

As Teana Baker-Taylor, the executive director of Global Digital Finance (GDF), told Cointelegraph, the London-based association aims “to demonstrate that self-governance and driving best practice is critical for the industry’s consumers and their confidence in crypto assets, as the sector continues to mature, and in concert with developments in regulation.”

In other words, GDF is seeking to develop voluntary guidelines and codes of conduct for exchanges, token sales, wallet providers, cryptocurrencies and ratings websites, and while it was launched only in March, it already has a strong roster of members.

At the end of October, payments company Circle (and owner of Poloniex) joined it as a founder member,adding itself to a list that includes Coinbase, R3, ConsenSys and Diginex. Meanwhile, Baker-Taylor affirms that the association has also begun having dialog with lawmakers and public institutions.

“With over 250 individuals and firms, global regulators and policy makers have paid attention to the GDF Code and the commitment of the community, and this is an important start. Understandably, the signal from many regulators has been mixed, but most we are engaging with are supportive of maintaining an open dialogue to ensure they do not stifle this important innovation.”

Yet, GDF isn’t only working on codes of conduct for token sales and crypto-exchanges. They’re also busy devising a taxonomy of cryptocurrencies, which seeks to divide coins into three broad types: payment tokens, financial asset tokens and consumer tokens.

Given that there is plenty of confusion and conflict among the world’s governments on how to define crypto, this attempt to produce a clear taxonomy of cryptocurrencies is much needed. However, seeing as how such organizations remain largely averse to classifying cryptocurrencies as money and/or assets, there will remain the worry that GDF’s taxonomy (and codes) may simply be disregarded by governments and regulators.

Governments

Despite possible opposition or resistance from governments, the groups like the GDF could have emerged precisely because of increasing government interest in crypto regulation. Anyway, their emergence at such a time presents the crypto world with a golden opportunity to get involved in the shaping of government policy.

In October, the Financial Action Task Force (FATF) — an intergovernmental group established by the G7 to combat money laundering — adopted a variety of changes to its standards concerning the regulation of virtual assets. And encouragingly for the crypto industry, these new recommendations were focused specifically on preventing money laundering and the financing of terrorism, leaving plenty of freedom for exchanges, token issuers and crypto-services to operate in accordance with the needs of their users and own logic. It said in its recommendations from October:

“The FATF Recommendations require monitoring or supervision only for the purposes of AML/CFT [Anti-Money Laundering/Countering Financing of Terrorism], and do not imply that virtual asset service providers are (or should be) subject to stability or consumer/investor protection safeguards, nor do they imply any consumer or investor protection safeguards.”

Put simply, the FATF sees no reason to do anything about the volatility or decentralization of cryptocurrency, which implies that it wants to leave the much of decentralized nature of crypto intact. That said, other governmental groups want to do more than simply prevent crypto from being used for crime or terrorism.

For example, Felix Hufeld — the chairman of the German Federal Financial Supervisory Authority (BaFin) — affirmed his view in October that the global community needs to produce international standards governing the handling of ICOs:

“The number (of ICOs) and the volume (of money) per ICO are both getting higher. Investors have mostly minimal rights.”

Still, while this could foreshadow a push for intergovernmental standards that dictate what ICOs can and can’t do, such moves remain at a very preliminary stage. And because governments have been slow to act here, this provides an empty space which groups like GDF – or the newly formed Blockchain for Europe association (which includes Ripple and the NEM Foundation as members) – could advantageously fill to the benefit of the wider crypto industry.

National beginnings, international endings

And while the world’s governments and governmental bodies slowly wake up to the idea of regulating cryptocurrencies at a global level, the crypto industry is increasingly producing new trade institutions that are beating them to punch when it comes to developing standards.

In March, CryptoUK was established, with the aim of producing self-regulatory standards for the United Kingdom’s cryptocurrency industry. But its chairman, Iqbal V. Gandham, tells Cointelegraph, there’s also an appetite at CryptoUK for international coordination.

“CryptoUK’s focus since our launch earlier this year has been on the U.K. — securing proportionate regulation here is our priority, but we support collaboration on regulatory approaches internationally, in particular learning the lessons — both good and bad — from other jurisdictions.”

And to an increasing extent, there does appear to be a growing willingness among crypto-related companies to work with each other on developing (international) standards. In August, the Gemini, Bitstamp, Bittrex and bitFlyer exchanges announced the formation of the Virtual Commodity Association Working Group. And like Global Digital Finance, its aim is to devise global industry standards on how crypto-exchanges are run and cryptocurrencies are traded.

Standards equals less innovation?

There is, then, every reason to believe that the crypto industry will, sooner or later, develop international standards and adopt them at large scale. But the question remains: Will such standards simply give the public greater confidence in crypto, or will they also have the unfortunate side effect of constraining innovation?

“In many industries, regulation and standards are seen as stifling innovation. However, in the crypto-assets market, regulatory and legal ambiguity poses challenges for growth. Clarity around the ‘rules of the road’ will better enable innovators to access new ways of accessing global capital and support emerging nascent business models with greater confidence.”

– Teana Baker-Taylor, executive director of Global Digital Finance

Similarly, there’s a risk that standards could put compliant companies at a disadvantage compared to those corporations or cryptocurrencies that simply (and perhaps illegally) flout them. Given that the decentralized nature of cryptocurrency provides people and groups with greater scope to disregard centralized authority, this is a real danger.

However, once international standards are in place and recognized, it becomes much likelier that the companies that do observe them will have a much better chance of working with and influencing regulators — something which will ultimately put them at a competitive advantage. And as Teana Baker-Taylor concludes, there’s a very strong appetite among crypto-related firms to foster and follow strong universal standards.

“GDF’s community is made up of hundreds of individuals and businesses from around the world who share a vision of growing a mature, stable, transparent and fair crypto-asset industry. The desire and commitment of the community to instil and drive sound business practices is enormously compelling and in our experience, is far more prevalent than those who do not ascribe to this mindset.”

Has the cryptocurrency exchange which you typically trade on already been hacked? If not yet, this is highly possible. Centralized exchanges, which Vitalik Buterin wished would “burn in hell,” can manipulate users’ funds and face regular attacks, while decentralized ones seem to have not yet found a balanced compromise between security and usability. At the same time, the experience of traditional banks in ensuring cybersecurity is still not in demand within the crypto industry, which leads to users’ millions of dollars theft or data breach, like in an incident happened to Atlas Quantum account owners on Aug. 25.

The top five attacks on crypto exchanges are well known to traders and studied by cybersecurity specialists around the world. The list is headed by Mt. Gox, which has recently started accepting refunding claims of the traders affected by the hack.

Mt. Gox

Mt. Gox was first hacked in 2011, and then in 2014. The hackers compromised the account belonging to an auditor of the exchange. In the first case, 500,000 BTC — equivalent to $8.75 million — were stolen from the accounts and from the depository as a result of the exchange’s database being hacked. In the second case, attackers managed to withdraw much more — 850,000 BTC.

Civil investigators, unfamiliar with the subtleties of the cryptocurrency industry, were able to confirm the movement of only 200,000 BTC, which hackers transferred to their wallet by altering a nominal value of one Bitcoin to one cent. What happened to the rest of the assets is still unknown. The exchange terminated its operation in February 2014, resulting in three powerful blows to the Bitcoin exchange rate. Thus, in 2011, the cryptocurrency price fell from $32 to several cents; in 2014, from $720 to $550; and in 2018, Mt. Gox arbitration manager Nobuaki Kobayashi sold a total of 35,841 BTC in the falling market, accelerating its further fall. Recent activities of Mt. Gox administration infuriated the deceived users, who demanded to “just give the people their money in BTC!”

Protection advice

Some cryptocurrency exchanges strengthen their defences by working with trustworthy security auditors who have proven hack-proofing expertise and white hat skills. They prefer to work with one contractor in relation to audits, DDoS mitigation, scans and site updates.

This minimizes the risk of audit-related vulnerability and access to stored funds falling into the wrong hands. For higher protection, additional banking tools are used — such as segregated master wallets, cold storage, layers of withdrawal authorization, IP address verification and email confirmation, two factor authentication (2FA) login and a crypto debit card, which can all be used to verify payments and user logins to the exchange.

iBitt COO Chris Schwarzenbach shared with Cointelegraph that the highest level of cybersecurity is only possible with a centralized exchange service, which has the development resources, security team, hidden servers and responsive control necessary to run military-grade security for a crypto exchange.

BitFloor

Country: USFounder: Roman ShtylmanFunds stolen: 24,000 BTC

BitFloor suffered from the second largest hack in crypto history back in September 2012. It all started when the exchange’s server crashed, either under the influence of a DDoS-attack or because of a power outage in the data center — as was claimed by its owner Roman Shtylman.

Four days after, the hackers used a backup copy of the key from the hot wallet of the exchange, where the funds of traders were stored, and withdrew 24,000 BTC. Shtilman made an unsuccessful attempt to compensate the victims by selling a stake in BitFloor’s property, but could not find an interested party. In 2013, the exchange closed, leaving the affected investors with nothing.

Protection advice

According to security experts, Bitfloor made two errors at once that led to such a severe financial loss. The first was storing the data in an unencrypted way — which Shtylman honestly confessed to — and the second one, which only aggravated the situation, was leaving large sums of money in an online-accessible hot wallet.

The simplest action to be done by any exchange in order to prevent the theft of coins is to keep the majority of its funds in “cold storage,” which ensures that private keys never touch any computer accessible from the internet. ThomasV, the lead developer of the Electrum client, provided seven key recommendations for cryptocurrency exchanges:

Don’t store more Bitcoin outside cold storage than you can afford to lose and remain solvent

Deposits should be sent to cold storage addresses directly

Transfer from cold storage to hot storage should be manual only

An attacker shouldn’t be able to disguise a theft as a series of withdrawals from customers

If a withdrawal request exceeds the amount available in the hot wallet, the customer should have to wait. Receiving coins 24 hours later is better than never

Clone your database to a place where an attacker cannot irreversibly modify or delete it from the server

Send digitally signed account statements to customers regularly, using a key that is not on the public server

Poloniex

Country: USFounder: Tristan D’AgostaFunds stolen: 97 BTC

Poloniex takes the 3rd place in the long list of victims. In May 2017, hackers discovered a critical vulnerability in the exchange’s software — all the withdrawal requests being simultaneously sent, were automatically processed regardless of the account balance. The owner of Poloniex, Tristan D’Agosta, did not name the exact amount of the stolen goods, but announced that the total users’ funds were reduced at the time of hack equivalent by 12.3 percent or 97 BTC.

To cover the losses Poloniex had to cut all users’ balances by this amount. These funds were temporarily frozen and then returned to users from personal funds, with an increase in the exchange’s fees going up 1.5 percent. Users found this decision acceptable, and Poloniex saved its reputation and continued to work — periodically undergoing minor attacks. Now the exchange belongs to the American payment system Circle.

Protection advice

Tristan D’Agosta publicly revealed in his BitcoinTalk post what crucial mistakes had been made by the administration:

“The major problem here was that withdrawals should have been queued at every step of the way. This could not have happened if withdrawal requests were processed sequentially instead of simultaneously. Additionally, auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.”

Agosta has also advised on precautionary measures to be done in order to prevent such irreversible damage and shared new changes in the exchange’s security system:

“Withdrawals and order creation have been switched to a queued method, where the first step is to add the task to a global execution queue that is processed sequentially. Each step of critical database operations is verified before proceeding, and such operations are in the process of being converted to transactions. I have hired additional developers to help with tightening up security at Poloniex, as well as created a bug bounty.”

Bitstamp

Country: SloveniaFounders: Merlak brothersFunds stolen: 19,000 BTC

In 2015, Bitstamp lost 19,000 BTC, which were stolen by hackers from the exchange’s hot wallet. At that time, the losses were equivalent to $5 million. Surprisingly, a banal phishing attack was used by hackers — the exchange employees received personal emails and messages in Skype from seemingly friendly sources.

What’s maybe even more surprising is that the person responsible for security, Bitstamp system administrator Luka Kodrich, clicked the link and downloaded malware onto the working computer, after which the exchange was hacked. Bitstamp hurried to notify traders about what was happening, however, the attackers had already stolen the funds. Compensation did not followed, but the security regime was toughened that helped the exchange recover quickly. For the purpose of developing multi-signature protection Bitstamp has partnered with BitGo.

Bitfinex

Bitfinex became the victim of hackers in August 2016. Unknown people used a bug in the multisignature system, which was supported by BitGo’s partner company. The hackers deceived the BitGo algorithms in an unknown way, forcing them to approve transactions and withdrew about 120,000 BTC from the hot wallet, worth the equivalent of $72 million at the exchange rate at that time.

The Bitfinex founders confronted the users about the fact that financial losses would be distributed among all the users, 36.067 percent of whose coins would be frozen. These funds were later compensated by BFX tokens, which could be converted into U.S. dollars at the exchange rate, or into shares of iFinex Inc., which belongs to Bitfinex founder. This chosen — and seemingly proper — policy helped the exchange stay in the top until today.

Protection advice

Emin Gün Sirer, a famous computer scientist, specialist in hacking researches, and professor at Cornell University, suggested a solution that does not break Bitcoin’s all-too-critical irreversibility when dealing with strangers, but allows someone to take back his funds in the event of a hack:

“The special thing about vaults is that they come with two keys. One key is used to unlock the vault and move your funds to a regular wallet. The other one, called a recovery key, is used when you notice that your funds were hacked and moved out of the vault by a hacker. You can then use your recovery key to undo the hack — you have 24 hours to notice and launch the recovery and get back all the funds. Notice that you cannot fool a merchant with this trick and revert a real transaction. All you can do is take back your own money from someone who is trying to steal it. If I may say so myself, it’s a pretty ingenious scheme. It’s almost like someone ought to work on it.”

Chronicle of 2018

Despite all the hopes of the crypto community, the year has not brought anything new to the established practice of securing the exchange sites, and 2018 is being marked by numerous attacks made with the help of new sophisticated hacking tricks. According to the Wall Street Journal, since the beginning of the year, hackers have managed to steal more than $800 million and are not going to stop there.

Coincheck

Coincheck was attacked by hackers in the last days of January 2018. The target, as in most cases, was the hot wallet of the exchange, from which 523 million NEM tokens were stolen. Despite all the previous examples, the exchange continued to keep users’ funds and even their own funds in the hot wallet and did not use the multisignature for protection.

Will the hackers cash out the stolen goods? Hardly. The crypto community united after this theft and finally began to actively exchange information in order to prevent further movements of stolen funds. In particular, the ShapeShift instant exchange service has banned the exchange of NEM coins. This example was followed by other services, since 11 anonymous addresses, which the stolen tokens had been transferred to, have been tagged with a sign “coincheck_stolen_funds_do_not_accept_trades: owner_of_this_account_is_hacker,” so it isn’t difficult to track any transaction made by hackers. The investigation of the incident and the development of compensation options for users are continuing.

Protection advice

Coincheck’s example emphasized the importance of properly organized storage of users’ funds on the exchange. Security layers and warning triggers are a must for any exchange service, says Nick Moore, CEO at Investa, a U.K. crypto exchange which also operates debit cards and ATMs:

“We hold minimal coins in our hot wallets and operate a time delay on withdrawals with manual review process, so the ability to hack account and amount of coins held on exchange is low. The risk of loss is minimized through the manual procedures of moving coins to cold storage when we identify that any excess funds have accumulated and are not needed for immediate liquidity. Storing the funds on cold wallets ensure they cannot be hacked and keeping a minimal float in hot wallets helps to save the liquidity.

“I’m sure users don’t mind waiting a little longer for their withdrawals, when they realize that this is one of the best ways to fight the hackers.”

BitGrail

Country: ItalyFounder: Francesco FiranoFunds stolen: $170 million

On Feb. 13, BitGrail lost $170 million in Nano (XRB) as a result of hacking attacks. At the same time, the founders of the exchange started a public discussion with developers of Nano’s blockchain in order to define which side was responsible for the bug that led to the hack.

The developers of the cryptocurrency accused BitGrail of giving insufficient attention to ensuring security — in particular, in the absence of the authentication procedure for users. Later the exchange stopped working and turned over the investigation to the police.

The authorities of Florence confiscated all the cryptocurrency from the BitGrail deposit to secure the claim of the affected users, and the Nano Foundation promised to take part in the protection of their interests and compensation for losses.

Coinrail

Country: South KoreaFounder: Lee NussFunds stolen: $40 million

Coinrail fell victim to a hacking attack on June 10, 2018 and lost a total of $40 million in 11 cryptocurrencies. Immediately after the attack, the representatives of the exchange were not ready to provide any intelligible information, so the details of the theft were revealed by the participants in the Pundi X project, whose tokens were also among the kidnapped.

A month later, on July 15, the exchange resumed trading and offered the victims two compensation schemes: a gradual refund through the purchase of stolen cryptocurrency and compensation with Coinrail RAIL tokens, which can then be converted into a cryptocurrency at the inner rate.

Protection advice

Rik Ferguson, an analyst at cybersecurity firm Trend Micro, believes the problem is in the weakness of the development team, insufficient cybersecurity education of the staff and poor investment in fraud analytics:

“By and large these exchanges are small businesses and they are most often in permanent startup mode, facilitating transactions. These organizations have small security teams, if they have one at all, little to no experience in securing a financial institution and generally a very large, attractive pile of money.”

Bithumb

Country: South KoreaFounder: Kim De ShiFunds stolen: $30 million

Bithumb was hacked on June 19, just a few days after it updated its security systems. $30 million, which was 10 percent of the total trading volume, was stolen by the attackers. This is the second incident in the chronicle of Bithumb. The first occurred on June 29, 2017, when the personal data of 30,000 users — equivalent to three percent of all the users by that time — was compromised. Hackers tried to access users’ one-time passwords, but the exchange froze trades and made changes to the security system.

At the same time, Bithumb spends eight percent of profits on security, strictly follows the rule “5.5.7” when five percent of employees are IT specialists having the confirmed expertise, five percent possess the skills to ensure cybersecurity, and at least seven percent of the company’s profits are spent on its funds protection.

At the time of the hack, the exchange discovered a potential threat and was already withdrawing users’ funds to a cold wallet. Affected traders were promised to be compensated from the personal funds of Bithumb administration.

Protection advice

Charlie Lee in a tweet expressed hopes for the restoration of the exchange and gave users concise advice, warning against such situations:

“As I’ve said many times, be smart and only keep on exchange coins that you are actively trading. It’s best to withdraw right after trading.”

Bancor

Country: SwitzerlandFounder: Guy BenarziFunds stolen: $23 million

Bancor, a decentralized exchange created in opposition to centralized ones, to which Vitalik Buterin has recently addressed his angry “burn in hell” statement, was attacked by hackers on July 9, 2018. It is noteworthy that this happened a day after the exchange expressed in the official Twitter post the full agreement with Vitalik Buterin about centralized decisions and stated that decentralized exchanges are the future.

From the exchange’s hot wallet, hackers withdrew a total of $23.5 million. Almost half of the stolen funds was made up of their own BNT tokens ($10 million), Ethereum ($12.5 million) and Pundi X ($1 million). Its tokens were immediately frozen, which caused a flurry of criticism from the cryptocurrency community, because such actions directly contradict the principle of decentralization. Charlie Lee summed up the overall view in his Twitter, announcing that Bancor can manipulate users’ funds.

A Bancor wallet got hacked and that wallet has the ability to steal coins out of their own smart contracts. 🤦‍♂️

An exchange is not decentralized if it can lose customer funds OR if it can freeze customer funds. Bancor can do BOTH. It’s a false sense of decentralization. https://t.co/22UYygIhEF

As for users’ tokens, Bancor immediately created a coalition with the instant exchange service Changelly, through which the hackers tried to withdraw funds. Transactions were frozen there as well.

How do banks deal with this?

Classic banks and banking services have been subject to various attacks since their emergence — that is, for several centuries. And over this time, they have been learning to resist such threats. The only difference is that 50 years ago, banks were attacked by criminals such as Bonnie and Clyde, and now they are attacked by hackers and internet scammers.

Classic banks follow the “5.5.7” formula and have international information security standards — for example, CobiT, which is considered entry level and is then supplemented by numerous internal regulations and scenarios for responding to intervention attempts.

Director of special projects at Group-IB Ruslan Yusufov is sure that the response to incidents must include both systems and an early warning and response plan that will allow all employees to act in accordance with regulations in the event of an incident. Everything is like that in the banking sector. A similar scheme was used by the Bancor exchange, which instantly froze its own tokens, calculated the services through which the withdrawal was planned, and entered into a coalition with them to freeze the stolen assets.

Criticism on the part of the crypto community in this case is less important than efforts to preserve the investors’ funds.

According to statistics, hackers, when attacking crypto exchanges, use tools that have been repeatedly tested on fiat banks. A study of 400 successful hacking attacks on the blockchain systems showed that popular banking services like TrickBot trojan, Vawtrak, Qadars, Triba, and Marcher were slightly modified for crypto exchanges and brought success to hackers in this way as well.

Nevertheless, the security systems of classical banks successfully resist hackers, and the established practice of tracking transactions allows customers to return the stolen funds. Why not borrow this experience? Unfortunately, in ICO teams — including those who create cryptocurrency exchanges — there is not a single IT specialist with the experience in the field of information security of banks.

Is it possible to return the money?

As practice shows, after powerful hacking attacks, crypto exchanges most often use three ways to compensate the affected users:

1. Rollback to a previous state or freeze transactions (Bitstamp, Ethereum and Bancor did this, but this contradicts the principle of blockchain’s irreversibility).

2. Compensation at the expense of other users (this way was chosen by Poloniex).

3. Return the funds of the exchange from its own profit or by issuing exchange tokens (Bitfinex and Coinrail).

Thus, stable, large exchanges that are interested in continuing its operation will offer newer and newer ways of compensating for lost funds. And this is good news for the cryptocurrency industry. Obviously, the practice when the exchange owners tried to hide information from the community about the details of the theft and disappear themselves is being slowly abandoned.

Will cryptocurrency exchanges cope with the problem of hacking attacks sometime soon? Absolutely not. There are two main approaches to hacking exchanges. The first is to gain access to accounts and closed-functionality through the hacking of the founders’ accounts and then to use malicious programs from the arsenal of bank attacks. The second is an attack on the infrastructure of the exchange itself, through the hacking of a web application linking the client to his money on the exchange servers or an attack on so-called hot wallets.

Consequently, the protection of digital assets can be achieved by the joint efforts of users and crypto banks serving the turnover of cryptocurrencies. Bancor’s head of public relations, Nate Hindman, made a statement after the hack:

“These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone [is] stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”

At the same time, Hindman believes that it is impossible to completely eliminate the possibility of hacking attacks, since attackers develop their own strategies along with the crypto industry, but these attacks can be resisted if market participants unite for joint actions and exchange of information.

As for ordinary users, the tips for preserving digital assets from hackers’ are well known:

Do not keep funds in hot wallets.

Choose well-known exchanges that disclose security policies.

Use the functionality provided by the exchange to the maximum, including 2FA.

Distribute funds between several wallets and exchanges.

Probably cryptocurrency exchanges are so often hacked because it is easy to do — and punishment for this is not regulated yet. More exchanges are attacked, more people are left without money, and someone gets away with it. But this year, things may change, since all this has started to seriously concern regulators in state and even world scale.

Along with the G20, an entire consortia of summits are being held, devoted to the issue of regulating the activity of crypto exchanges. For example, one of the Futurama Blockchain Innovators Summit concept authors Joshua Hong reported to Cointelegraph:

“There are many unreported hacking incidents of major exchanges. So, from the perspective of regular user, we do not know how severe the level of hacking [is] for most exchanges. For example, Bithumb was recently hacked, but its trading volume or commission revenue didn’t seem to get affected at all. On the other hand, other exchanges had to shut down their operation after a single blow of hacking.“

The exchanges leaders positively react to such initiative. One of them, investment strategist at Bithumb Alex Lee expressed his personal interest to take part in such discussions:

“[The] best answers to the problems in our industry can be found through proactive sharing of each other’s stories in highly personable ways. So, no matter what the issues are, be it crypto exchanges getting hacked or regulators feeling the pressure from disgruntled token investors who lost money, the solution can be found through community interactions and honest, open conversations.”

On Monday, the proposal took its next step, with Gemini launching a working group to begin developing these standards.

As explained by an introductory post on the VCA’s website, the Commodity Futures Trading Commission (CFTC) has legal jurisdiction over commodities, such as bitcoin and ether, though it does not necessarily have jurisdiction over cash and spot markets derived from commodities.

However, under the Commodity Exchange Act (CEA), the CFTC can regulate fraud or market manipulation.

“The purchase and sale of commodities in the spot/cash markets has been historically exempt from the CEA and CFTC jurisdiction. Nevertheless, cash markets for virtual commodities – as it is a less well known industry – can benefit from an additional layer of oversight. We believe that adding this layer can provide even more protection for consumers and ensure the integrity of these markets and growing industry.”

To that end, the VCA will appoint a board of directors to oversee the organization, which will commit to remaining a non-profit, independent group that can “help set and adopt global standards and best practices.”

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Crypto exchanges Gemini, Bitstamp, Bittrex, and bitFlyer USA have announced the creation of a self-regulatory organization for digital commodities, such as cryptocurrencies, Business Insider reports August 20.

The new group, dubbed “Virtual Commodity Association Working Group,” aims to help large-scale investors get more comfortable with the crypto market, work on formulating industry standards, and “be a precursor to the formation of a self-regulatory organization for digital commodities like [B]itcoin and [E]thereum” Business Insider reports.

The first meeting of the newly created association is set to take place in September this year. Business Insider quotes its source as explaining the kinds of problems the group wants to help solve:

“In equities, securities exchanges have their own organization to come up with common standards and jointly respond to declarations by regulators. The new group could serve as the equivalent for the crypto world by coming up with best practices for the industry, looking at ways to boost liquidity, and stamping out market manipulation.”

The Association has been founded by four U.S.-based cryptocurrency exchanges: bitFlyer, Gemini, which was established in 2014 by the Winklevoss brothers, Bitstamp, and a cryptocurrency exchange and wallet service Bittrex.

Meanwhile, one of the largest U.S. crypto exchanges Coinbase is not a part of the group, and has refused to comment on the initiative, Business Insider claims.

Earlier this summer, Winklevoss twins had won a patent for a system of exchange-traded products (ETPs) that could hold “digital assets” and “other products and/or services related to ETPs holding digital assets.”

Back in spring 2018, cryptocurrency exchange Gemini had announced its partnership with Nasdaq to monitor markets and mitigate the consequences of market manipulation, Cointelegraph reported April 25.

Just weeks ago, the Winklevoss Twins’ Bitcoin ETF proposal was sadly denied by the SEC, with the US regulatory body citing concerns of manipulation and security as primary reasons why such an ETF would not be successful. Following the disappointing turnout for the final verdict, the twins took to Bloomberg to declare that they were not deterred by the SEC’s decision and would continue to trudge forward.

And it seems with a recent announcement that the twins are back, and are seemingly ready to tackle regulatory worries in the crypto community. In late-July, Ethereum World News reported that representatives from Gemini met with the Nasdaq, along with a variety of other firms, to tackle the regulatory development of the crypto industry.

With the arrival of a recent announcement, it seems that Gemini has kept with the theme of pro-regulation in the cryptosphere. As per a press release issued by the so-called “Virtual Commodity Association (VCA) Working Group” will work towards becoming a prominent self-regulatory body for “virtual commodity marketplaces (exchanges).”

The VCA will be initially composed of Bitstamp, BitFlyer, Bittrex, and Gemini, which all are home to a substantially sized American audience.

Bittrex is an initial participant in the Virtual Commodity Association (VCA)’s Working Group. The Working Group will work towards the goal of establishing an industry-sponsored, self-regulatory organization (SRO) to oversee virtual commodity marketplaces. https://t.co/po08ZhlacZ

Representatives from the aforementioned four firms are scheduled to exchange formalities for the first time in September, where they will also flesh out the idea and aspirations of the newly-established VCA.

According to a somewhat pre-established meeting plan, the VCA will first highlight the guidelines for membership of the association. Secondly, exchange representatives will begin to create an outline for industry “best practices” and rules, that will only help to propagate “transparency, liquidity, risk management, and fairness.” Thirdly, member bodies will draw out a series of guidelines to address “member conflicts of interest, client communications, client disclosures, and record keeping.” And last but not least, the VCA members will do its best to establish a strong, dedicated and non-bias team of individuals to run this consortium.

Although this move is somewhat of a jab at governmental-operated bodies, the CFTC expressed its excitement for the VCA. CFTC commissioner Brian Quintez stated:

Given the absence of federal oversight jurisdiction in the crypto market, in February and again in March of this year I called on the crypto platform community to come together and develop a self-regulatory organization-like entity that could develop and enforce rules. Today’s announcement is a positive step towards that realization.

For the time being, this group will be headed by Maria Filipakis, who previously worked for the New York Department of Financial Services, where she was an integral part of the NYDFS’ move to establish the coveted “BitLicense.”

It is widely speculated that the introduction of a self-regulating conglomerate, like the VCA, will hail in another round of institutional interest, as traditional firms may realize that the crypto industry isn’t as rife with anti-regulatory madness as they may think.

For the first time, Fortune has created a crypto-focused version of its prestigious “40 under 40” honor roll for the most impressive young disruptors in the finance and technology industry, published July 23.

Dubbed “The Ledger 40 under 40,” the list is dedicated to innovators at the helm of the “financial revolution” ushered in by cryptocurrencies, blockchain, and other distributed ledger technologies.

In third place is Jihan Wu, 32, the co-founder of Beijing-based mining hardware titan Bitmain — reportedly now valued at $12 billion after a recent round of funding. Fortune notes Wu’s support for the “controversial” Bitcoin (BTC) fork, Bitcoin Cash (BCH), as well as his interest in stablecoins and aspiration to develop artificial intelligence (AI) mining chips.

The list includes figures who have decamped from the traditional financial sector to become crypto industry front runners, alongside those who aim to lead the “revolution from within.”

Amber Baldet, 35, former blockchain program lead at JPMorgan Chase, is ranked eleventh for co-founding blockchain startup Clovyr, her former position as lead developer of Quorum, and her recent appointment to the board of the Zcash Foundation — the nonprofit that governs anonymity-oriented altcoin Zcash (ZEC).

Public filings released in late May establish the strongest link yet between Bitstamp and Korean gaming firm Nexon, which was rumored to have bought the cryptocurrency exchange earlier this year.

Those rumors date back to the spring when sources indicated that Nexon would pay as much as $500 million for Bitstamp, one of the industry’s longest-running bitcoin exchanges. Word of the acquisition also came months after Nexon bought a majority stake in crypto exchange Korbit for roughly $80 million in September 2017.

Business Insider later reported in April that Nexon was in talks to acquire Bitstamp for $350 million. Lee Jungheon, CEO of Nexon Korea, said in the wake of that report that “Nexon Korea does not have anything to do with a Bitstamp acquisition” according to the Korea Herald.

But a corporate disclosure submitted by Nexon Group holding company NXC and obtained by CoinDesk suggests that some kind of deal took place. NXC, Nexon Group’s parent company, is 98.28 percent owned by Nexon founder Kim Jung-ju and his family.

According to the report, NXC owns 100 percent of a Belgian company called NXMH B.V.B.A., an investment and consulting firm. NXHM B.V.B.A., with 99 percent ownership, created Bitstamp Holdings N.V., also a Belgian company, on February 1 of this year.

The report states that Bitstamp Holdings N.V. acquired 100 percent of Bitstamp Japan Co., Ltd on April 25.

But while the documents establish a link to Bitstamp, it’s not clear whether they constitute an “acquisition” of Bitstamp given the lack of information regarding Bitstamp Japan Co., Ltd. The exchange is run by Bitstamp Limited, which is based in the United Kingdom and has offices in Luxembourg and New York.

A Nexon representative said that Bitstamp Holdings isn’t the operator of the exchange, and when asked about the relationship there, the rep said that they “cannot disclose any further information at this moment.” Bitstamp did not immediately respond to a request for comment.

Game maker push

If confirmed, the deal would represent the latest industry buy for the gaming company, which has released a number of titles for desktop and mobile platforms.

The purchase of Bitstamp Japan Co., Ltd also followed a record-setting year for Nexon. The company reported more than $2 billion in revenue for 2017, an increase roughly 28 percent over the prior year’s figures.

Nexon isn’t the only gaming company with its eyes on the crypto space, however.

Gumi, a mobile game maker based in Japan, launched a $30 million investment fund earlier this year focused on the tech. And major industry companies like Ubisoft and Unity have also made similar moves in recent months.

Nexon executives have remarked on the technology as well in the past. Back in March, Owen Mahoney, CEO of the Nexon’s U.S. arm, cited blockchain during an interview with CNBC as a tool for improving the gamer experience.

“People want to trust other people within new games, and blockchain technology can help bring that reputation across different sort of games,” he was quoted as saying.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

The Chicago Mercantile Exchange (CME Group) in partnership with Crypto Facilities, a UK-based digital asset exchange specializing in Bitcoin futures, have launched the CME CF Ether-Dollar Reference Rate and Real Time Index, according to an announcement May 14. The indexes will provide users access to a real-time Ether (ETH) price in US dollars.

According to a press release, the CME CF Ether-Dollar rates will “provide a standardized reference rate and spot price index”. Both rates will reportedly be calculated by Crypto Facilities, and will be based on transactions and order book activity from crypto exchanges Bitstamp and Kraken. CME Group further states that “the oversight of the products is managed by an independent committee that sets forth a code of conduct and meet to review the practice standards.” According to CME:

“The products include a spot price index called the CME CF Ether Dollar Real Time Index, known as ETH_RTI_USD, and a reference rate called the CME CF Ether Dollar Reference Rate, known as ETH_RR_USD… ETH_RTI_USD is a real time index of the US dollar price of one Ether published once per second 24 hours a day 365 days per year. This index provides real time transparency to the US dollar price of Ether. ETH_RR_USD is a daily reference rate of the US dollar price of one Ether as of 4 p.m. London time…”

Tim McCourt, Managing Director and Global Head of Equity Products and Alternative Instruments at GME Group said:

“The Ether Reference Rate and Real Time Index are designed to meet the evolving needs of the marketplace. Providing price transparency and a credible price reference source is a key development for users of Ethereum.”

Video game company Nexon Korea has denied that they are in talks to acquire the Bitcoin (BTC) exchange Bitstamp, local news outlet The Korean Herald reported yesterday, April 25.

The company’s denial comes after Business Insider wrote yesterday about a possible deal rumoured between Nexon Korea and Bitstamp, where the latter would acquire the former for around $350 mln. In late March, Cointelegraph wrote about reports that Bitstamp was to be sold to unnamed South Korean investors for around $400 mln.

Nexon Korea CEO Lee Jung-hun said at a press conference at Nexon Korea headquarters Wednesday, April 25, that “Nexon Korea does not have anything to do with a Bitstamp acquisition,” adding:

“We do not have any plans to link cryptocurrencies with our game business.”

Lee Jung-hun, who addressed the public at the press conference for the first time since he became CEO in January, added that Nexon does see potential in possibly using Blockchain technology for game development.

Nexon is a global video game company founded in Seoul, South Korea, and is headquartered in Tokyo, Japan. The company is owned by NXC Corporation, which bought a 65.19 percent stake in Korean crypto exchange Korbit last year.

Bitstamp, which is based in Luxembourg, is currently ranked number 10 on CoinMarketCap for 24 hour trading volume, having traded almost $448 mln on the day to press time.

New York’s attorney general is taking a closer look at some of the world’s most popular cryptocurrency exchanges.

Attorney General Eric Schneiderman announced the “Virtual Markets Integrity Initiative” on Tuesday, saying it was “a fact-finding inquiry into the policies and practices” of cryptocurrency trading platforms. Letters were sent to 13 exchanges, seeking information about their “operations, use of bots, conflicts of interests, outages, and other key issues,” according to a press release published on Tuesday.

“With cryptocurrency on the rise, consumers in New York and across the country have a right to transparency and accountability when they invest their money. Yet too often, consumers don’t have the basic facts they need to assess the fairness, integrity, and security of these trading platforms,” Schneiderman was quoted as saying.

Letters were sent to the companies that operate GDAX, Gemini, bitFlyer, Binance, itBit, Gate.io, Huobi.Pro, Bitfinex, Bitstamp, Bittrex, Kraken, Tidex and Poloniex (the latter of which was recently acquired by Circle).

According to Schneiderman, the inquiry is also focused on key issues such as “internal controls and safeguards to protect consumer assets.” In statements, Schneiderman’s office said that the effort would also focus in part on the exchanges that explicitly do not operate in New York because of regulatory concerns.

“We are aware that certain trading platforms have formal rules barring access in New York and may not have a license to engage in virtual currency business activity in New York. Among other topics, we are asking platforms to describe their measures for restricting trading from prohibited jurisdictions,” the announcement stated.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.